Redirect virus

Post by computerchallenged on Wed 02 Nov 2011, 1:09 pm

I've tried several products to eradicate the redirect virus but have been unsuccessful. I have used several search engines and when I click on a link, it redirects me to another site.

Here is my OTL log file and the others are to follow shortly. Please help!

OTL logfile created on: 11/1/2011 9:22:12 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.30 Mb Total Physical Memory | 237.28 Mb Available Physical Memory | 46.41% Memory free
1.22 Gb Paging File | 0.90 Gb Available in Paging File | 74.06% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 15.66 Gb Free Space | 42.02% Space Free | Partition Type: NTFS

Computer Name: B-C6SPFYDMW376J | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/01 21:04:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
PRC - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/23 11:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/09/16 02:34:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/06/24 15:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 15:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/12/16 09:30:06 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ZCfgSvc.exe
PRC - [2003/12/16 09:24:20 | 000,184,320 | ---- | M] (Intel) -- C:\WINDOWS\system32\1XConfig.exe
PRC - [2003/12/16 09:23:40 | 000,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe
PRC - [2003/12/16 09:22:36 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
PRC - [2003/11/21 18:49:28 | 000,258,048 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2003/03/14 15:38:12 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2002/09/20 20:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/31 21:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\system32\msxmlp.dll
MOD - [2011/10/25 19:50:14 | 000,155,648 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt\acxobjmon.dll
MOD - [2011/09/16 02:05:58 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/06/24 15:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
MOD - [2003/12/16 09:29:42 | 000,204,800 | ---- | M] () -- C:\WINDOWS\system32\C1XStngs.dll
MOD - [2003/11/14 14:57:00 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
MOD - [2002/12/04 11:57:00 | 000,651,264 | ---- | M] () -- C:\WINDOWS\system32\libeay32.dll
MOD - [2002/12/04 11:57:00 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\ssleay32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (SessionLauncher)
SRV - File not found [Disabled | Stopped] -- -- (RoxLiveShare10)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/24 15:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/01/07 18:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/08/08 21:46:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/02/23 11:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2003/12/16 09:23:40 | 000,303,171 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2003/12/16 09:22:36 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2003/12/10 00:50:54 | 000,126,976 | ---- | M] (TOSHIBA) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2003/12/02 21:05:54 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/10/21 15:26:14 | 000,053,248 | ---- | M] () [Disabled | Stopped] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2003/08/01 18:56:02 | 000,086,016 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe -- (Tmesbs)
SRV - [2003/05/23 17:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Disabled | Stopped] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002/09/20 20:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/02/11 10:42:11 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2006/06/30 19:20:32 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/02/26 18:35:13 | 000,014,037 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/01/09 23:26:46 | 000,028,416 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2004/01/02 06:52:34 | 001,646,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel(R)
DRV - [2003/12/24 23:34:04 | 000,091,008 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2003/12/17 03:45:46 | 000,048,000 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2003/12/17 00:08:46 | 000,013,312 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio)
DRV - [2003/12/16 09:16:26 | 000,010,970 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2003/12/10 21:11:26 | 000,100,153 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/12/05 13:16:38 | 000,062,607 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2003/12/05 06:50:28 | 000,979,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel(R)
DRV - [2003/11/28 00:29:08 | 000,053,632 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2003/11/21 18:22:48 | 000,017,076 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2003/11/20 15:24:10 | 000,045,534 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte)
DRV - [2003/10/24 17:53:14 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/08/19 20:04:30 | 000,036,131 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2003/08/07 19:52:00 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2003/06/11 12:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/02/04 16:12:36 | 000,008,605 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfec.sys -- (tosrfec)
DRV - [2003/01/29 18:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/12/20 17:07:00 | 001,164,576 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/11/18 21:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002/09/26 17:15:28 | 000,005,760 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2002/04/06 23:50:56 | 000,019,607 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys -- (tossmbnt)
DRV - [2001/09/11 15:54:32 | 000,038,425 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FC50227B-E2CA-4C2B-9EA2-BA4C8C529B9B}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{FC50227B-E2CA-4C2B-9EA2-BA4C8C529B9B} [2011/09/06 14:13:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/07 23:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/01 19:09:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/10/26 08:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins

[2008/10/30 00:16:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/11/01 18:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions
[2010/06/20 19:00:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/01 18:25:11 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/10/27 23:01:43 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\searchplugins\askcom.xml
[2011/01/09 17:10:11 | 000,002,698 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\searchplugins\twitter.xml
[2011/05/10 20:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/11 21:03:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 20:56:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2003/03/31 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [acxobjmon] C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt\acxobjmon.dll ()
O4 - HKLM..\RunOnce: [AOLRebootNeeded] C:\WINDOWS\System32\regsvr32.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [You must be registered and logged in to see this link.] (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08C74418-A496-4E76-8E1E-D061794E858D}: DhcpNameServer = 192.168.1.1 71.252.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\Sebring: DllName - (C:\WINDOWS\System32\LgNotify.dll) - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/13 20:25:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell - "" = AutoRun
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "IntuitUpdateService"
MsConfig - Services: "idsvc"
MsConfig - Services: "hkmsvc"
MsConfig - Services: "FontCache3.0.0.0"
MsConfig - Services: "FLEXnet Licensing Service"
MsConfig - Services: "Fax"
MsConfig - Services: "FastUserSwitchingCompatibility"
MsConfig - Services: "EventSystem"
MsConfig - Services: "EapHost"
MsConfig - Services: "DVD-RAM_Service"
MsConfig - Services: "Dnscache"
MsConfig - Services: "dmserver"
MsConfig - Services: "dmadmin"
MsConfig - Services: "CryptSvc"
MsConfig - Services: "COMSysApp"
MsConfig - Services: "clr_optimization_v2.0.50727_32"
MsConfig - Services: "CFSvcs"
MsConfig - Services: "Bonjour Service"
MsConfig - Services: "BITS"
MsConfig - Services: "ALG"
MsConfig - Services: "Tmesrv"
MsConfig - Services: "Tmesbs"
MsConfig - Services: "Themes"
MsConfig - Services: "TapiSrv"
MsConfig - Services: "Swupdtmr"
MsConfig - Services: "SamSs"
MsConfig - Services: "Microsoft Office Groove Audit Service"
MsConfig - Services: "Viewpoint Manager Service"
MsConfig - Services: "SessionLauncher"
MsConfig - Services: "RoxLiveShare10"
MsConfig - Services: "ose"
MsConfig - Services: "NVSvc"
MsConfig - Services: "MDM"
MsConfig - Services: "LiveUpdate"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "avg9wd"
MsConfig - Services: "aspnet_state"
MsConfig - Services: "NetFxUpdate_v1.1.4322"
MsConfig - Services: "nosGetPlusHelper"
MsConfig - StartUpReg: 000StTHK - hkey= - key= - File not found
MsConfig - StartUpReg: AGRSMMSG - hkey= - key= - C:\WINDOWS\agrsmmsg.exe (Agere Systems)
MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig - StartUpReg: AVG9_TRAY - hkey= - key= - File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: H/PC Connection Agent - hkey= - key= - C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
MsConfig - StartUpReg: HostManager - hkey= - key= - C:\Program Files\Common Files\AOL\1145470929\ee\aolsoftware.exe (America Online, Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NVRotateSysTray - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: rasMapppm - hkey= - key= - File not found
MsConfig - StartUpReg: SmoothView - hkey= - key= - C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TAudEffect - hkey= - key= - C:\Program Files\Toshiba\TAudEffect\TAudEff.exe (TOSHIBA)
MsConfig - StartUpReg: TFncKy - hkey= - key= - File not found
MsConfig - StartUpReg: TFNF5 - hkey= - key= - File not found
MsConfig - StartUpReg: TosHKCW.exe - hkey= - key= - C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
MsConfig - StartUpReg: TPSMain - hkey= - key= - File not found
MsConfig - StartUpReg: Verizon_McciTrayApp - hkey= - key= - C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {96543d59-497a-4801-a1f3-5936aacaf7b1} - Q828750
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CA347303-40DC-8D5F-82FA-87D47689462F} - Internet Explorer
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE


computerchallenged

Newbie Surfer

Posts : 36
Joined : 2009-05-25
Operating System : Windows XP


Re: Redirect virus

Post by computerchallenged on Wed 02 Nov 2011, 1:10 pm

Drivers32: MSACM.CEGSM - C:\WINDOWS\System32\MOBILEV.ACM ()
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/01 21:04:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/10/31 23:06:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/31 23:00:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/31 23:00:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/31 23:00:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/31 23:00:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/31 23:00:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/31 23:00:00 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/31 22:59:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/31 22:59:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/10/31 20:20:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/10/29 15:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2011/10/29 15:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/10/29 15:35:15 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/10/29 15:35:05 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/10/29 15:35:05 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/10/29 15:35:05 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/10/29 15:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/29 15:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/10/29 15:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt
[2011/10/29 11:19:28 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/10/28 00:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/28 00:14:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/10/16 21:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/10/16 21:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2011/10/16 21:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\uTorrent
[2011/10/16 21:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/10/11 18:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AppWebspl
[2011/10/07 23:30:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2011/10/07 23:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/10/07 23:30:04 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2011/10/07 23:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/07 23:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/07 23:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/10/07 23:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/10/07 23:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/10/07 23:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
[2011/10/07 23:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/10/07 23:24:25 | 004,517,664 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2011/10/07 23:22:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/10/07 23:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/10/07 23:21:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

computerchallenged

Newbie Surfer

Posts : 36
Joined : 2009-05-25
Operating System : Windows XP


Re: Redirect virus

Post by computerchallenged on Wed 02 Nov 2011, 1:10 pm

OTL Extras logfile created on: 11/1/2011 9:22:12 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.30 Mb Total Physical Memory | 237.28 Mb Available Physical Memory | 46.41% Memory free
1.22 Gb Paging File | 0.90 Gb Available in Paging File | 74.06% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 15.66 Gb Free Space | 42.02% Space Free | Partition Type: NTFS

Computer Name: B-C6SPFYDMW376J | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.js [@ = jsfile] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1145470929\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1145470929\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1145470929\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1145470929\ee\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"E:\uTorrent.exe" = E:\uTorrent.exe:*:Enabled:µTorrent


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus CX9400Fax Series Scanner Driver Update
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{2746B4DE-A2EE-4B33-A7CE-B33BAD5EF6FE}" = Vz In Home Agent
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}" = TOSHIBA Console
"{3D29DFC0-EAA2-012B-AED3-000000000000}" = TurboTax 2009 wvaiper
"{4701BF4D-9DBD-4F3B-953A-AFC3316E821B}" = TOSHIBA Dual Pointing Device Utility
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B9A0703-0191-49CD-8A35-5B463197C619}" = Windows SD Host Controller Driver
"{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}" = Motorola Mobile Drivers Installation 4.7.1
"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
"{85376E80-1A9D-4b13-92FE-5B0797FFB7DA}" = Intel(R) PROSet for Wireless
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{9AC200C3-A4C8-401C-A5A8-202BE888B165}" = TOSHIBA Fax Extension
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A962C8E1-4F0B-4BA9-806E-B8D9A3B31F82}" = SurfHere by Toshiba
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{BB830F9E-53B3-492F-B39C-2DF615D1C9E1}" = TurboTax 2010 wvaiper
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D177BD9B-9B11-4E28-8584-E0F93BB33F5B}" = TOSHIBA IPPhone
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC146FA-73E0-4FA1-A353-841EA14BF600}" = Drag'n Drop CD+DVD
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{F816A1EB-392D-459C-A5A2-8C8B9CD75446}" = TOSHIBA SD Memory Boot Utility
"{FC99D835-CA4A-4E58-82F6-31D0ACF0CACA}" = TOSHIBA Audio Effect
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"lts04" = lts04
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MotoConnect" = MotoConnect 1.1.31
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Power Saver" = TOSHIBA Power Saver
"PROSet" = Intel(R) PRO Network Connections Drivers
"Silent Package Run-Time Sample" = EPSON CX9400 User's Guide
"SystemRequirementsLab" = System Requirements Lab
"TDspBtn" = TOSHIBA Display Devices Change Utility
"TFNF5" = TOSHIBA Hotkey Utility for Display Devices
"TME3" = TOSHIBA Mobile Extension3 for Windows XP V3.59.00.XP
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TOSHIBA Software Upgrades" = TOSHIBA Software Upgrades
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"TOSHIBA Utilities" = TOSHIBA Utilities
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"uTorrent" = µTorrent
"Verizon Help and Support" = Verizon Help and Support Tool
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/29/2011 3:49:51 PM | Computer Name = B-C6SPFYDMW376J | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 10/29/2011 3:49:51 PM | Computer Name = B-C6SPFYDMW376J | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 10/29/2011 3:49:51 PM | Computer Name = B-C6SPFYDMW376J | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 10/29/2011 3:49:51 PM | Computer Name = B-C6SPFYDMW376J | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 10/29/2011 3:49:51 PM | Computer Name = B-C6SPFYDMW376J | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer Microsoft Writer
(Bootable State) called routine CVssWriterShim::Subscribe which failed with status
0x8000ffff (converted to 0x800423f4).

Error - 10/29/2011 3:49:52 PM | Computer Name = B-C6SPFYDMW376J | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 80070422: InitEventCollector fail

Error - 10/29/2011 3:49:53 PM | Computer Name = B-C6SPFYDMW376J | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80080005].

Error - 10/29/2011 3:49:53 PM | Computer Name = B-C6SPFYDMW376J | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 80070422: InitEventCollector fail

Error - 10/29/2011 3:50:23 PM | Computer Name = B-C6SPFYDMW376J | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80080005].

Error - 10/30/2011 3:42:03 PM | Computer Name = B-C6SPFYDMW376J | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 11/1/2011 9:06:48 PM | Computer Name = B-C6SPFYDMW376J | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 11/1/2011 9:06:48 PM | Computer Name = B-C6SPFYDMW376J | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 11/1/2011 9:07:03 PM | Computer Name = B-C6SPFYDMW376J | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 11/1/2011 9:19:27 PM | Computer Name = B-C6SPFYDMW376J | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 11/1/2011 9:19:28 PM | Computer Name = B-C6SPFYDMW376J | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 11/1/2011 9:19:28 PM | Computer Name = B-C6SPFYDMW376J | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 11/1/2011 9:19:28 PM | Computer Name = B-C6SPFYDMW376J | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 11/1/2011 9:19:28 PM | Computer Name = B-C6SPFYDMW376J | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 11/1/2011 9:19:28 PM | Computer Name = B-C6SPFYDMW376J | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 11/1/2011 9:19:28 PM | Computer Name = B-C6SPFYDMW376J | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058


< End of report >

computerchallenged

Newbie Surfer

Posts : 36
Joined : 2009-05-25
Operating System : Windows XP


Re: Redirect virus

Post by computerchallenged on Wed 02 Nov 2011, 1:12 pm

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-01 21:44:19
-----------------------------
21:44:19.070 OS Version: Windows 5.1.2600 Service Pack 3
21:44:19.070 Number of processors: 1 586 0x905
21:44:19.070 ComputerName: B-C6SPFYDMW376J UserName: Administrator
21:44:19.821 Initialize success
21:44:34.291 AVAST engine defs: 11110103
21:44:37.736 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:44:37.736 Disk 0 Vendor: TOSHIBA_MK4025GAS KA101A Size: 38154MB BusType: 3
21:44:39.769 Disk 0 MBR read successfully
21:44:39.769 Disk 0 MBR scan
21:44:40.130 Disk 0 Windows XP default MBR code
21:44:40.270 Disk 0 scanning sectors +78140160
21:44:40.600 Disk 0 scanning C:\WINDOWS\system32\drivers
21:44:58.586 Service scanning
21:45:00.008 Modules scanning
21:45:14.659 Disk 0 trace - called modules:
21:45:14.690 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:45:14.690 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f94ab8]
21:45:14.690 3 CLASSPNP.SYS[f87b4fd7] -> nt!IofCallDriver -> \Device\00000082[0x82f981f8]
21:45:14.700 5 ACPI.sys[f872b620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f2fd98]
21:45:15.220 AVAST engine scan C:\WINDOWS
21:45:20.608 AVAST engine scan C:\WINDOWS\system32
21:47:45.166 AVAST engine scan C:\WINDOWS\system32\drivers
21:48:03.642 AVAST engine scan C:\Documents and Settings\Administrator
21:54:49.476 AVAST engine scan C:\Documents and Settings\All Users
21:56:53.254 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
21:56:53.284 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"



computerchallenged

Newbie Surfer

Posts : 36
Joined : 2009-05-25
Operating System : Windows XP


Re: Redirect virus

Post by computerchallenged on Wed 02 Nov 2011, 1:13 pm

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
Avira Free Antivirus
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
TuneUp Utilities Language Pack (en-US)
CCleaner
Java(TM) 6 Update 21
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player ( 10.3.181.14) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

computerchallenged

Newbie Surfer

Posts : 36
Joined : 2009-05-25
Operating System : Windows XP


Re: Redirect virus

Post by Gabethebabe on Wed 02 Nov 2011, 7:05 pm

Hi there computerchallenged!

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
  • Whilst I'm helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I'm here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, doesn't mean it is clean yet!

====================

I see that you have been running ComboFix. It is not a good idea to run combofix without being told to do so. ComboFix can solve problems, but it can also create them and only trained malware fighters should handle it.

Please see if you can find the log so I can have a look at it. It has probably been saved as C:\combofix.txt
Please copy and paste its contents back here.

====================

  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:
:files
C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt\acxobjmon.dll

:otl
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKCU..\Run: [acxobjmon] C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt\acxobjmon.dll ()

:commands
[reboot]
  • Then click the Run Fix button at the top (Not the Run Scan!).
  • Allow it to run. It may take some time and you may see some things happen to your desktop - this is normal.
  • If it asks to reboot the computer, allow it to reboot.
  • If the program freezes, and the computer fails to reboot - let me know.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

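The triage behind the fix above (a Run entry with no company name loading a DLL from the user's Application Data, plus toolbar entries whose CLSID no longer resolves) can be written down as a small checker over OTL log lines. This is an added example, not part of the thread or of OTL itself; the heuristics and the names triage, build_fix and Finding are assumptions, and the sample lines are copied from the OTL log posted above.

```python
"""Triage of OTL log lines along the heuristics a malware-removal helper applies.

Added example for this thread; not part of the OTL tool. The heuristics (missing
company name, user-writable location, orphaned CLSID, hidden/system attributes)
are assumptions about what the helper looked at when writing the fix.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
MOD - [2011/10/31 21:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\system32\msxmlp.dll
MOD - [2011/10/25 19:50:14 | 000,155,648 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt\acxobjmon.dll
MOD - [2011/09/16 02:05:58 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [acxobjmon] C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt\acxobjmon.dll ()
"""

# OTL prints the file's company name in parentheses; "()" means none was found.
MOD_RE = re.compile(
    r"^MOD - \[[^|]+\|[^|]+\|\s*(?P<attrs>[^|]+?)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*--\s*(?P<path>.+?)\s*$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)\s*$")
# Per-user writable locations under XP's "Documents and Settings".
USER_DATA_RE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(Local Settings\\)?Application Data\\", re.I)
SYSTEM32_RE = re.compile(r"^C:\\WINDOWS\\system32\\", re.I)


@dataclass
class Finding:
    line: str
    reason: str
    path: Optional[str]   # file to list under :files, if any
    actionable: bool      # True: goes into the fix; False: review only


def triage(log_text: str) -> List[Finding]:
    """Return the OTL lines a helper would pick out, each with the reason."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = MOD_RE.match(line)
        if m:
            attrs, company, path = m.group("attrs"), m.group("company"), m.group("path")
            if not company and USER_DATA_RE.search(path):
                findings.append(Finding(
                    line, "loaded module with no company name in user Application Data", path, True))
            elif not company and SYSTEM32_RE.match(path) and {"R", "H", "S"} <= set(attrs):
                # Hidden+system DLL without a company name in system32: worth a second look,
                # but not removed blindly since system32 also holds legitimate unsigned files.
                findings.append(Finding(
                    line, "hidden/system module with no company name in system32", path, False))
            continue
        m = O4_RE.match(line)
        if m:
            company, path = m.group("company"), m.group("path")
            if not company and USER_DATA_RE.search(path):
                findings.append(Finding(
                    line, "Run entry with no company name launching from user Application Data", path, True))
            continue
        if line.startswith("O3 -") and line.endswith("No CLSID value found."):
            findings.append(Finding(line, "toolbar entry whose CLSID no longer resolves (orphan)", None, True))
    return findings


def build_fix(findings: List[Finding]) -> str:
    """Assemble an OTL custom fix (:files, :otl, :commands) from the actionable findings."""
    files: List[str] = []
    otl_lines: List[str] = []
    for f in findings:
        if not f.actionable:
            continue
        if f.path and f.path not in files:
            files.append(f.path)          # one :files entry per file, even if seen twice
        if not f.line.startswith("MOD -"):
            otl_lines.append(f.line)      # registry entries are removed by pasting the OTL line
    return "\n".join([":files", *files, "", ":otl", *otl_lines, "", ":commands", "[reboot]"])


def main() -> None:
    findings = triage(SAMPLE_LOG)
    for f in findings:
        print(("FIX   " if f.actionable else "REVIEW"), f.reason)
        print("      ", f.line)
    print()
    print(build_fix(findings))


if __name__ == "__main__":
    main()
```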

Re: Redirect virus

Post by computerchallenged on Thu 03 Nov 2011, 1:27 am

Here is the new OTL log.

OTL logfile created on: 11/2/2011 10:15:23 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.30 Mb Total Physical Memory | 191.66 Mb Available Physical Memory | 37.49% Memory free
1.22 Gb Paging File | 0.88 Gb Available in Paging File | 72.59% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 15.49 Gb Free Space | 41.58% Space Free | Partition Type: NTFS

Computer Name: B-C6SPFYDMW376J | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/01 21:04:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
PRC - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/23 11:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/09/16 02:34:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/06/24 15:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 15:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/12/16 09:30:06 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ZCfgSvc.exe
PRC - [2003/12/16 09:24:20 | 000,184,320 | ---- | M] (Intel) -- C:\WINDOWS\system32\1XConfig.exe
PRC - [2003/12/16 09:23:40 | 000,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe
PRC - [2003/12/16 09:22:36 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
PRC - [2003/11/21 18:49:28 | 000,258,048 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2003/03/14 15:38:12 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2002/09/20 20:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/31 21:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\system32\msxmlp.dll
MOD - [2011/10/25 19:50:14 | 000,155,648 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt\acxobjmon.dll
MOD - [2011/09/16 02:05:58 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/06/24 15:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
MOD - [2003/12/16 09:29:42 | 000,204,800 | ---- | M] () -- C:\WINDOWS\system32\C1XStngs.dll
MOD - [2003/11/14 14:57:00 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
MOD - [2002/12/04 11:57:00 | 000,651,264 | ---- | M] () -- C:\WINDOWS\system32\libeay32.dll
MOD - [2002/12/04 11:57:00 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\ssleay32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (SessionLauncher)
SRV - File not found [Disabled | Stopped] -- -- (RoxLiveShare10)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/24 15:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/01/07 18:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/08/08 21:46:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/02/23 11:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2003/12/16 09:23:40 | 000,303,171 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2003/12/16 09:22:36 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2003/12/10 00:50:54 | 000,126,976 | ---- | M] (TOSHIBA) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2003/12/02 21:05:54 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/10/21 15:26:14 | 000,053,248 | ---- | M] () [Disabled | Stopped] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2003/08/01 18:56:02 | 000,086,016 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe -- (Tmesbs)
SRV - [2003/05/23 17:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Disabled | Stopped] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002/09/20 20:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/02/11 10:42:11 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2006/06/30 19:20:32 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/02/26 18:35:13 | 000,014,037 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/01/09 23:26:46 | 000,028,416 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2004/01/02 06:52:34 | 001,646,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel(R)
DRV - [2003/12/24 23:34:04 | 000,091,008 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2003/12/17 03:45:46 | 000,048,000 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2003/12/17 00:08:46 | 000,013,312 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio)
DRV - [2003/12/16 09:16:26 | 000,010,970 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2003/12/10 21:11:26 | 000,100,153 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/12/05 13:16:38 | 000,062,607 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2003/12/05 06:50:28 | 000,979,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel(R)
DRV - [2003/11/28 00:29:08 | 000,053,632 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2003/11/21 18:22:48 | 000,017,076 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2003/11/20 15:24:10 | 000,045,534 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte)
DRV - [2003/10/24 17:53:14 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/08/19 20:04:30 | 000,036,131 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2003/08/07 19:52:00 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2003/06/11 12:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/02/04 16:12:36 | 000,008,605 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfec.sys -- (tosrfec)
DRV - [2003/01/29 18:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/12/20 17:07:00 | 001,164,576 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/11/18 21:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002/09/26 17:15:28 | 000,005,760 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2002/04/06 23:50:56 | 000,019,607 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys -- (tossmbnt)
DRV - [2001/09/11 15:54:32 | 000,038,425 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FC50227B-E2CA-4C2B-9EA2-BA4C8C529B9B}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{FC50227B-E2CA-4C2B-9EA2-BA4C8C529B9B} [2011/09/06 14:13:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/07 23:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/01 19:09:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/10/26 08:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins

[2008/10/30 00:16:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/11/01 18:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions
[2010/06/20 19:00:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/01 18:25:11 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/10/27 23:01:43 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\searchplugins\askcom.xml
[2011/01/09 17:10:11 | 000,002,698 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\searchplugins\twitter.xml
[2011/05/10 20:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/11 21:03:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 20:56:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2003/03/31 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [acxobjmon] C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt\acxobjmon.dll ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [You must be registered and logged in to see this link.] (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08C74418-A496-4E76-8E1E-D061794E858D}: DhcpNameServer = 10.1.10.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\Sebring: DllName - (C:\WINDOWS\System32\LgNotify.dll) - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/13 20:25:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell - "" = AutoRun
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/01 21:33:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\OTL
[2011/11/01 21:04:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/10/31 23:06:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/31 23:00:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/31 23:00:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/31 23:00:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/31 23:00:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/31 23:00:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/31 23:00:00 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/31 22:59:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/31 22:59:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/10/31 20:20:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/10/29 15:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2011/10/29 15:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/10/29 15:35:15 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/10/29 15:35:05 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/10/29 15:35:05 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/10/29 15:35:05 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/10/29 15:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/29 15:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/10/29 15:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt
[2011/10/29 11:19:28 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/10/28 00:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/28 00:14:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/10/16 21:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/10/16 21:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2011/10/16 21:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\uTorrent
[2011/10/16 21:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/10/11 18:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AppWebspl
[2011/10/07 23:30:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2011/10/07 23:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/10/07 23:30:04 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2011/10/07 23:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/07 23:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/07 23:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/10/07 23:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/10/07 23:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/10/07 23:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
[2011/10/07 23:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/10/07 23:24:25 | 004,517,664 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2011/10/07 23:22:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/10/07 23:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/10/07 23:21:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/02 10:24:02 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-923130703-2451520593-1935410814-500UA.job
[2011/11/02 09:20:40 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/11/02 09:20:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/02 09:19:23 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\tasks\IWUM.job
[2011/11/02 09:19:22 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\tasks\MOBCCAFLUV.job
[2011/11/02 09:19:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/02 09:19:14 | 536,203,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/01 21:56:53 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/11/01 21:04:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/11/01 19:24:20 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-923130703-2451520593-1935410814-500Core.job
[2011/10/31 23:33:48 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.lnk
[2011/10/31 23:06:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/31 21:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\System32\TZLogq.dll
[2011/10/31 21:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\System32\msxmlp.dll
[2011/10/31 20:25:09 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/31 20:23:08 | 000,000,206 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111031_202250-10-31-11.reg
[2011/10/31 18:22:07 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/10/29 16:09:56 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_160917_10-29-11(2).reg
[2011/10/29 15:35:55 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/29 11:42:59 | 000,004,740 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_114225_10-29-11.reg
[2011/10/28 00:31:27 | 000,453,280 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111028_003053 - reg files.reg
[2011/10/28 00:17:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/28 00:03:49 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/13 22:12:22 | 000,477,786 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/13 22:12:22 | 000,086,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/07 23:30:16 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/10/07 23:26:07 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/01 21:56:53 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/10/31 23:33:46 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.lnk
[2011/10/31 23:06:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/31 23:06:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/31 23:00:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/31 23:00:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/31 23:00:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/31 23:00:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/31 23:00:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/31 21:52:12 | 000,000,322 | -HS- | C] () -- C:\WINDOWS\tasks\IWUM.job
[2011/10/31 21:52:12 | 000,000,316 | -HS- | C] () -- C:\WINDOWS\tasks\MOBCCAFLUV.job
[2011/10/31 21:52:11 | 000,069,120 | RHS- | C] () -- C:\WINDOWS\System32\TZLogq.dll
[2011/10/31 21:52:11 | 000,069,120 | RHS- | C] () -- C:\WINDOWS\System32\msxmlp.dll
[2011/10/31 20:25:09 | 536,203,264 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/31 20:25:09 | 000,279,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/31 20:23:02 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111031_202250-10-31-11.reg
[2011/10/29 16:09:34 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_160917_10-29-11(2).reg
[2011/10/29 15:35:55 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/29 11:42:46 | 000,004,740 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_114225_10-29-11.reg
[2011/10/28 00:31:13 | 000,453,280 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111028_003053 - reg files.reg
[2011/10/28 00:17:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/07 23:30:16 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/10/07 23:26:07 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/10/07 23:24:53 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/09/15 23:21:33 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/09/06 14:13:39 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wzehigihagonaman.dat
[2011/09/06 14:13:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Blibirikijirazoh.bin
[2010/07/27 17:56:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/14 10:53:31 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/02/14 10:53:31 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/02/14 10:53:31 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/02/14 10:53:31 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/02/14 10:53:31 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/02/14 10:53:31 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/02/14 10:53:31 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/02/14 10:53:31 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/02/14 10:53:31 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/02/14 10:53:31 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/02/14 10:53:31 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/02/14 10:53:31 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/02/14 10:53:31 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/02/14 10:53:31 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/02/14 10:53:31 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/02/14 10:53:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/02/14 10:49:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\EPSCX9400Fax.ini
[2008/11/11 16:51:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\rx_image.Cache
[2008/10/08 18:38:52 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/08/21 15:22:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/07/06 15:54:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/06/29 17:16:01 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/19 14:21:35 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/04/19 14:21:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/09 22:13:15 | 000,001,890 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/03/09 22:12:45 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/01/14 18:53:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/14 15:21:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2004/01/14 14:53:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2004/01/14 14:37:54 | 000,019,607 | ---- | C] () -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys
[2004/01/14 14:34:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2004/01/14 14:14:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/14 13:49:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\tcleanup.exe
[2004/01/14 13:46:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2004/01/14 13:38:21 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
[2004/01/14 13:38:21 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2004/01/14 13:20:04 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2004/01/14 13:20:03 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2004/01/14 13:20:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2004/01/14 13:20:03 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2004/01/13 20:31:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/13 20:29:04 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/13 20:28:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/01/13 20:23:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/01/13 20:22:38 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/13 19:10:22 | 000,000,378 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/13 19:09:42 | 000,477,786 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/01/13 19:09:42 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/01/13 19:09:42 | 000,086,596 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/01/13 19:09:42 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/01/13 19:09:40 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/01/13 19:09:39 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/01/13 19:09:36 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/13 19:09:26 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/01/13 19:09:26 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/01/13 19:09:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/01/13 19:09:02 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/01/13 12:19:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/12/16 09:29:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2003/11/27 21:29:30 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\TosKeyboardPage.dll
[2003/11/27 21:13:58 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\TosMousePage.dll
[2003/11/20 20:52:02 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2003/11/14 15:05:52 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/11/14 14:57:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2003/07/29 19:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
[2002/12/04 11:57:00 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2002/12/04 11:57:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2002/06/04 13:58:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

========== Custom Scans ==========


< :files >

< C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt\acxobjmon.dll >
[2011/10/25 19:50:14 | 000,155,648 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt\acxobjmon.dll

< >

< :otl >

< O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. >

< O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. >

< O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. >

< O4 - HKCU..\Run: [acxobjmon] C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt\acxobjmon.dll () >

< >

< :commands >

< [reboot] >

< End of report >

computerchallenged

Newbie Surfer

Posts : 36
Joined : 2009-05-25
Operating System : Windows XP


Re: Redirect virus

Post by computerchallenged on Thu 03 Nov 2011, 1:46 am

I tried to "run fix" but it said a reboot was required, so I rebooted. Upon reboot, I tried to "run fix" and a pop-up window came up. It said, "No fix has been provided. Click ok to load it from a file or Cancel to cancel."

What steps do I take from here? The log I just posted was before I tried to "run fix".

ComboFix froze and never completed, but I'll look for the log.


Re: Redirect virus

Post by computerchallenged on Thu 03 Nov 2011, 1:50 am

This was the log I found in the "moved files" folder.

========== FILES ==========
C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt\acxobjmon.dll moved successfully.
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\acxobjmon deleted successfully.
File C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt\acxobjmon.dll not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.31.0 log created on 11022011_102919


Re: Redirect virus

Post by computerchallenged on Thu 03 Nov 2011, 1:56 am

Cannot locate combofix.txt


Re: Redirect virus

Post by Gabethebabe on Thu 03 Nov 2011, 2:07 am

Redirects still happening?

If no, skip the TDSSKiller step and go on to the next.

====================

  • Download TDSSKiller by Kaspersky from here and save it to your desktop
  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
  • The report can also be found in the root of your Windows drive (most likely C:\).


====================

Please download Malwarebytes' Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
  • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
  • Click OK to either and let MBAM proceed with the disinfection process.
  • If asked to restart the computer, please do so immediately.

Post the contents of the MBAM log in your next reply, please.

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS


Re: Redirect virus

Post by computerchallenged on Thu 03 Nov 2011, 2:30 am

Still having redirect issues. TDSSKiller report:

11:24:15.0478 2640 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
11:24:16.0129 2640 ============================================================
11:24:16.0129 2640 Current date / time: 2011/11/02 11:24:16.0129
11:24:16.0129 2640 SystemInfo:
11:24:16.0129 2640
11:24:16.0129 2640 OS Version: 5.1.2600 ServicePack: 3.0
11:24:16.0129 2640 Product type: Workstation
11:24:16.0129 2640 ComputerName: B-C6SPFYDMW376J
11:24:16.0129 2640 UserName: Administrator
11:24:16.0129 2640 Windows directory: C:\WINDOWS
11:24:16.0129 2640 System windows directory: C:\WINDOWS
11:24:16.0129 2640 Processor architecture: Intel x86
11:24:16.0129 2640 Number of processors: 1
11:24:16.0129 2640 Page size: 0x1000
11:24:16.0129 2640 Boot type: Normal boot
11:24:16.0129 2640 ============================================================
11:24:18.0372 2640 Initialize success
11:26:16.0172 3840 ============================================================
11:26:16.0172 3840 Scan started
11:26:16.0172 3840 Mode: Manual;
11:26:16.0172 3840 ============================================================
11:26:19.0477 3840 Abiosdsk - ok
11:26:19.0957 3840 abp480n5 - ok
11:26:20.0278 3840 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:26:20.0288 3840 ACPI - ok
11:26:20.0448 3840 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:26:20.0508 3840 ACPIEC - ok
11:26:20.0618 3840 adpu160m - ok
11:26:20.0718 3840 aeaudio (2c5b1f8142a96233c07c93328b5ea635) C:\WINDOWS\system32\drivers\aeaudio.sys
11:26:20.0738 3840 aeaudio - ok
11:26:20.0869 3840 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:26:20.0869 3840 aec - ok
11:26:21.0019 3840 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
11:26:21.0019 3840 Afc - ok
11:26:21.0119 3840 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:26:21.0119 3840 AFD - ok
11:26:21.0299 3840 AgereSoftModem (e66ae825c42b668a90e67e7e41eeeee7) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
11:26:21.0329 3840 AgereSoftModem - ok
11:26:21.0479 3840 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
11:26:21.0530 3840 agp440 - ok
11:26:21.0600 3840 Aha154x - ok
11:26:21.0670 3840 aic78u2 - ok
11:26:21.0770 3840 aic78xx - ok
11:26:21.0840 3840 AliIde - ok
11:26:21.0900 3840 amsint - ok
11:26:22.0050 3840 ApfiltrService (4560a7079a53db71b1da013b8d18baf0) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
11:26:22.0050 3840 ApfiltrService - ok
11:26:22.0140 3840 asc - ok
11:26:22.0201 3840 asc3350p - ok
11:26:22.0281 3840 asc3550 - ok
11:26:22.0481 3840 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:26:22.0521 3840 AsyncMac - ok
11:26:22.0631 3840 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:26:22.0631 3840 atapi - ok
11:26:22.0731 3840 Atdisk - ok
11:26:22.0821 3840 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:26:22.0871 3840 Atmarpc - ok
11:26:23.0022 3840 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:26:23.0022 3840 audstub - ok
11:26:23.0142 3840 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
11:26:23.0142 3840 avgntflt - ok
11:26:23.0252 3840 avipbb (912d23140cd05980f6cdae790ddafc8d) C:\WINDOWS\system32\DRIVERS\avipbb.sys
11:26:23.0252 3840 avipbb - ok
11:26:23.0422 3840 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
11:26:23.0422 3840 avkmgr - ok
11:26:23.0552 3840 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:26:23.0552 3840 Beep - ok
11:26:23.0693 3840 catchme - ok
11:26:23.0833 3840 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:26:23.0873 3840 cbidf2k - ok
11:26:23.0953 3840 cd20xrnt - ok
11:26:24.0053 3840 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:26:24.0053 3840 Cdaudio - ok
11:26:24.0203 3840 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:26:24.0203 3840 Cdfs - ok
11:26:24.0284 3840 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:26:24.0284 3840 Cdrom - ok
11:26:24.0424 3840 Changer - ok
11:26:24.0594 3840 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:26:24.0594 3840 CmBatt - ok
11:26:24.0664 3840 CmdIde - ok
11:26:24.0734 3840 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:26:24.0774 3840 Compbatt - ok
11:26:24.0904 3840 Cpqarray - ok
11:26:24.0985 3840 dac2w2k - ok
11:26:25.0035 3840 dac960nt - ok
11:26:25.0145 3840 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:26:25.0205 3840 Disk - ok
11:26:25.0385 3840 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:26:25.0455 3840 dmboot - ok
11:26:25.0585 3840 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:26:25.0625 3840 dmio - ok
11:26:25.0736 3840 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:26:25.0776 3840 dmload - ok
11:26:25.0896 3840 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:26:25.0906 3840 DMusic - ok
11:26:26.0016 3840 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
11:26:26.0066 3840 dot4 - ok
11:26:26.0166 3840 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
11:26:26.0206 3840 Dot4Print - ok
11:26:26.0346 3840 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
11:26:26.0437 3840 Dot4Scan - ok
11:26:26.0547 3840 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
11:26:26.0587 3840 dot4usb - ok
11:26:26.0707 3840 dpti2o - ok
11:26:26.0807 3840 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:26:26.0807 3840 drmkaud - ok
11:26:26.0917 3840 E100B (83403675cab29e7a4b885b11e7c855d8) C:\WINDOWS\system32\DRIVERS\e100b325.sys
11:26:26.0917 3840 E100B - ok
11:26:27.0068 3840 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:26:27.0128 3840 Fastfat - ok
11:26:27.0248 3840 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
11:26:27.0258 3840 Fdc - ok
11:26:27.0328 3840 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:26:27.0328 3840 Fips - ok
11:26:27.0478 3840 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:26:27.0478 3840 Flpydisk - ok
11:26:27.0598 3840 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:26:50.0972 3840 ============================================================
11:26:50.0972 3840 Scan finished
11:26:50.0972 3840 ============================================================
11:26:50.0982 2604 Detected object count: 0
11:26:50.0982 2604 Actual detected object count: 0

computerchallenged
Newbie Surfer
Posts : 36
Joined : 2009-05-25
Operating System : Windows XP

Re: Redirect virus

Post by computerchallenged on Thu 03 Nov 2011, 2:47 am

Malwarebytes log

Malwarebytes' Anti-Malware 1.51.2.1300

Database version: 8068

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/2/2011 11:45:32 AM
mbam-log-2011-11-02 (11-45-32).txt

Scan type: Quick scan
Objects scanned: 169499
Time elapsed: 10 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

computerchallenged
Newbie Surfer
Posts : 36
Joined : 2009-05-25
Operating System : Windows XP

Re: Redirect virus

Post by computerchallenged on Thu 03 Nov 2011, 2:48 am

I noticed it states Internet Explorer 8.0 but I am using Firefox. Not sure if that makes a difference or not.

computerchallenged
Newbie Surfer
Posts : 36
Joined : 2009-05-25
Operating System : Windows XP

Re: Redirect virus

Post by Gabethebabe on Thu 03 Nov 2011, 6:21 pm

Could you verify if redirects also happen in Internet Explorer?

If they only occur in Firefox, please run this:

Please download GooredFix by jpshortstuff from one of the locations below and save it to your desktop:
Download Mirror #1
Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (WIN XP), or right-click and select Run As Administrator (Vista/WIN7).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Gabethebabe
Tech Advisor
Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

Re: Redirect virus

Post by computerchallenged on Fri 04 Nov 2011, 12:10 am

Redirects happen with Internet Explorer too.

computerchallenged
Newbie Surfer
Posts : 36
Joined : 2009-05-25
Operating System : Windows XP

Re: Redirect virus

Post by Gabethebabe on Fri 04 Nov 2011, 2:18 am

Let's have a look if your router was compromised.

We need to know the DNS (Domain Name Server) settings of your router. To find out the DNS settings of your router, you will have to access your router (requiring username and password) and look up those settings.
If you don't know how to do that, please consult the manual of the router. If you can't locate this manual, you can try:
  • To download the manual at the website of the router's manufacturer.
  • Consult this webpage. It will explain for various brands of routers how to change DNS settings (Don't actually change anything! Just list the IP addresses that your router reports as DNS servers).

An example of what we are looking for:

In the above example, you would report to me "208.67.222.222" and "208.67.220.220".

If you don't find the option of DNS servers, depending on the type of router, you might have to look under an option called "DHCP Server" and find the settings for the DNS servers, which on some routers is called "Static DNS".

Please let me know if you run into any kind of trouble.

Gabethebabe
Tech Advisor
Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS
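As an added example (not a tool from this thread), this Python script reads the DNS server addresses a Windows client received from its router, as printed by `ipconfig /all`, and labels each one the way the check above asks for: unset (0.0.0.0), local (the router itself, whose upstream DNS then still needs checking) or public. The sample `ipconfig` text and the `expected` allowlist are constructed assumptions; the OpenDNS addresses are the ones quoted in the post above.

```python
"""Classify the DNS server addresses a Windows XP client got from its router.

Added example for this thread, not a tool from the original posts. The
`ipconfig /all` text below is constructed, not output from the poster's PC.
"""
import ipaddress
import re

# Constructed sample of `ipconfig /all` output for a client configured by DHCP.
# XP prints the first DNS server on the 'DNS Servers' line and any further
# servers on the following lines, indented, with no label.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 10.1.10.23
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.1.10.1
        DHCP Server . . . . . . . . . . . : 10.1.10.1
        DNS Servers . . . . . . . . . . . : 10.1.10.1
                                            208.67.222.222
        Lease Obtained. . . . . . . . . . : Saturday, November 05, 2011 12:01:00 AM
"""

# Resolvers the owner chose on purpose (assumption: OpenDNS, as quoted in the
# thread); anything public that is not in this list deserves a second look.
EXPECTED_RESOLVERS = ("208.67.222.222", "208.67.220.220")


def parse_dns_servers(ipconfig_text):
    """Return the DNS server addresses listed in `ipconfig /all` output."""
    servers = []
    collecting = False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)?", line)
        if m:
            collecting = True
            if m.group(1):
                servers.append(m.group(1))
            continue
        if collecting:
            stripped = line.strip()
            # Continuation lines carry only an address; anything else ends the list.
            if re.fullmatch(r"[0-9a-fA-F.:]+", stripped):
                servers.append(stripped)
            else:
                collecting = False
    return servers


def classify_dns_server(address, expected=()):
    """Label one DNS address the way the router check in this thread reads it."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    if ip.is_unspecified:
        return "unset"            # 0.0.0.0: no static DNS configured on the router
    if ip.is_private or ip.is_link_local or ip.is_loopback:
        return "local"            # the router itself; its upstream DNS must be checked too
    if address in expected:
        return "expected-public"  # a resolver the owner chose on purpose
    return "unexpected-public"    # confirm with the ISP before trusting it


def review_dns(addresses, expected=()):
    """Map each reported address to its label."""
    return {a: classify_dns_server(a, expected) for a in addresses}


if __name__ == "__main__":
    for addr, label in review_dns(parse_dns_servers(SAMPLE_IPCONFIG),
                                  EXPECTED_RESOLVERS).items():
        print(f"{addr:16} {label}")
```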

Re: Redirect virus

Post by computerchallenged on Fri 04 Nov 2011, 2:41 am

Router as in wireless router? I have the computer here at work now and it is connected to my work wireless router, and it is doing the same thing here as it did at home.

computerchallenged
Newbie Surfer
Posts : 36
Joined : 2009-05-25
Operating System : Windows XP

Re: Redirect virus

Post by Gabethebabe on Fri 04 Nov 2011, 2:49 am

So it is not your router either!

This bugger is well hidden if aswMBR and TDSSKiller cannot find it.

Download GMER Rootkit Scanner from here and save it to your desktop.
Note that it will have a random name.

  • Double click the file to run the tool. It may take a while to load.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click No
  • In the right panel, you will see several boxes that have been checked
  • Make sure this is unchecked: Show All
  • Make sure only your system drive (usually C:\) is checked and uncheck all other drives you might have on your system
  • Click Scan to start the scan
  • When it has finished, click Save and save the log as gmer.txt on your desktop
  • If GMER reports any <--- ROOTKIT entries, don't take any action. It could be a false positive.
  • Click OK to quit GMER.
  • Please post the contents of gmer.txt into your next reply.

Gabethebabe
Tech Advisor
Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

Re: Redirect virus

Post by computerchallenged on Fri 04 Nov 2011, 6:09 am

FYI - GMER scanner still running.

computerchallenged
Newbie Surfer
Posts : 36
Joined : 2009-05-25
Operating System : Windows XP

Re: Redirect virus

Post by computerchallenged on Fri 04 Nov 2011, 8:04 am

The GMER scan took a long time, but here is the report. And as an FYI, I saved the report, but when I copied and pasted it into this window, it wouldn't post. This area showed blank and I tried to refresh the screen, but it wouldn't come up. So I copied the file to a flash drive, loaded it on my work computer and then logged in and pasted it from my work computer.

GMER 1.0.15.15641
Rootkit scan 2011-11-03 16:54:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK4025GAS rev.KA101A
Running: i33julyi.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kfgdypog.sys


---- System - GMER 1.0.15 ----

SSDT F8E54894 ZwClose
SSDT F8E5484E ZwCreateKey
SSDT F8E5489E ZwCreateSection
SSDT F8E54844 ZwCreateThread
SSDT F8E54853 ZwDeleteKey
SSDT F8E5485D ZwDeleteValueKey
SSDT F8E5488F ZwDuplicateObject
SSDT F8E54862 ZwLoadKey
SSDT F8E54830 ZwOpenProcess
SSDT F8E54835 ZwOpenThread
SSDT F8E548B7 ZwQueryValueKey
SSDT F8E5486C ZwReplaceKey
SSDT F8E548A8 ZwRequestWaitReplyPort
SSDT F8E54867 ZwRestoreKey
SSDT F8E548A3 ZwSetContextThread
SSDT F8E548AD ZwSetSecurityObject
SSDT F8E54858 ZwSetValueKey
SSDT F8E548B2 ZwSystemDebugControl
SSDT F8E5483F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 15C 804E27C8 1 Byte [8F]
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF7B4A340, 0x1066EF, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012300, 0x234BE0, 0xF8000020]

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- EOF - GMER 1.0.15 ----

computerchallenged
Newbie Surfer
Posts : 36
Joined : 2009-05-25
Operating System : Windows XP

Re: Redirect virus

Post by Gabethebabe on Fri 04 Nov 2011, 8:09 pm

There is no sign of anything!

Could you perform the router check as I requested before?
It could be possible that both routers you work with have been hacked.

Gabethebabe
Tech Advisor
Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

Re: Redirect virus

Post by computerchallenged on Sat 05 Nov 2011, 12:33 am

I'm at my work now and accessed the router info.

Login Type: Automatic Configuration - DHCP

DHCP Server: (only has option to enable or disable) it is enabled

Then it gives starting IP address

Static DNS 1-3 are all 0.0.0.0
When I go under the status tab, the only DNS number I can find is:

DNS 1 10.1.10.1

I checked every setting and those are the only ones with "DNS"

Keep in mind, the desktop here at work does not have the redirect problem.

Not sure if this will help. I googled "NFL schedule". The search result page came up. The first one on the list was NFL Games and has a web address of [You must be registered and logged in to see this link.], which should be a safe site. I right-clicked on the link and copied it. This is where it says it's going to send me:

[You must be registered and logged in to see this link.]

I actually clicked on the link itself and this is where it took me:

[You must be registered and logged in to see this link.]

Sometimes I can cut the first part of the string and get to the website it is supposed to go to.

Not sure if this helps or not.

computerchallenged
Newbie Surfer
Posts : 36
Joined : 2009-05-25
Operating System : Windows XP
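As an added example (not from this thread), the following Python does what the poster above does by hand with a copied search-result link: it pulls any destination URL embedded in a redirector link and compares its host with the site the user meant to reach. The URLs in it are constructed placeholders, since the forum hides the actual links.

```python
"""Triage a copied search-result link: does it point straight at the intended
site, or at a redirector with the real destination appended?

Added example for this thread; the links below are constructed placeholders,
not the actual URLs from the poster's message.
"""
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample: the site the poster expected, and a redirector-style link
# shaped like the one described (redirector prefix first, intended site appended).
EXPECTED_SITE = "http://www.example-nfl-schedule.test/games/"
COPIED_LINK = ("http://redirector.example.invalid/click?id=1234"
               "&u=http%3A%2F%2Fwww.example-nfl-schedule.test%2Fgames%2F")


def embedded_urls(url):
    """Return every full URL carried inside `url`'s query string or path.

    Redirectors usually carry the destination as a percent-encoded query value,
    as a bare query ("...?http://site"), or appended to the path
    ("/go/http://site"); that is why cutting off the prefix reaches the site.
    """
    found = []
    parts = urlsplit(url)
    for key, values in parse_qs(parts.query, keep_blank_values=True).items():
        for candidate in (key, *values):
            candidate = unquote(candidate)
            if candidate.startswith(("http://", "https://")) and candidate not in found:
                found.append(candidate)
    for scheme in ("http://", "https://"):
        idx = parts.path.find(scheme)
        if idx > 0 and parts.path[idx:] not in found:
            found.append(parts.path[idx:])
    return found


def host_of(url):
    """Lower-cased host name of `url`, or '' if it has none."""
    return urlsplit(url).hostname or ""


def redirect_verdict(expected_site, copied_link):
    """Classify the copied link relative to the site the user meant to open."""
    target = host_of(copied_link)
    if target == host_of(expected_site):
        return "direct"
    for inner in embedded_urls(copied_link):
        if host_of(inner) == host_of(expected_site):
            return "redirected-via:" + target
    return "unrelated:" + target


if __name__ == "__main__":
    print(redirect_verdict(EXPECTED_SITE, COPIED_LINK))
```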

Re: Redirect virus

Post by Gabethebabe on Sat 05 Nov 2011, 1:48 am

hmmm

We'll try combofix and if that does not give us any new info, go to a boot disk.

ComboFix by sUBs is a powerful tool that you are advised not to run without supervision of a trained malware helper. Please visit this webpage and read the tutorial on using ComboFix very carefully. After that download the tool and save it to your desktop.

Double-click ComboFix.exe to run the tool. Please post its log back here.

Note that I will be offline in the weekend. We might need to continue next week.

Gabethebabe
Tech Advisor
Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

Re: Redirect virus

Post by computerchallenged on Sat 05 Nov 2011, 2:47 am

Running ComboFix now. Will post the log when I finish. Thank you for your time, and if we can't get this done today, that is fine. I'm just happy for the fact that you are helping me. Enjoy the weekend!!

computerchallenged
Newbie Surfer
Posts : 36
Joined : 2009-05-25
Operating System : Windows XP
